Quote:
Originally Posted by tarka
Also, (catching up again) there was suggestion that they do not actually tamper with the data stream because the processing gets performed on a mirrored copy of the page (at least in the latest known version of the system). Would the setting of forged cookies then stripping them out not count as modifying the data stream? (even though it is invisible to the website the user is visiting)
|
It certainly would. They peform n redirects in order to set the cookies in the first place (which in itself is a corruption of the communication), then set fake cookies, then strip them out on the outward request, and require you to retain an opt out cookie if you don't want to be profiled that you wouldn't otherwise require. And latency is added to your communication as a consequence of an additional 'network hop'.
Its a technical shambles. Phorm want you to get hung up on the details. Phorm will always counter that we've misunderstood their 'genius', or it will be fixed in version n+1, or simply lie and obfuscate the truth.
Its the essence, the principle of the thing that is wrong. No one should do this to private unencrypted communications (commercial or personal). Period. Its the fact they are intercepting communication without consent of both parties to the dialog that is deeply profoundly wrong... and all else follows.
The tech details are barely relevant.
Phorm must be stopped.